By hacking one of their own homes, researchers want to open a window on IoT security

A year ago, cybersecurity researchers at Trend Micro who were tinkering with home-automation systems in their spare time decided to make a formal project out of it. One of the researchers invited the others to hack his smart home in Germany and see what they could find out about the underlying protocols used in it. They quickly discovered that not only was the system susceptible to manipulation, but it was also ill-equipped to detect it. The owner of the home found himself moving from room to room, trying to figure out why his lights and window blinds weren’t working. Stephen Hilt, a senior threat researcher at Trend Micro, had inadvertently carried out a denial-of-service attack on devices running on a popular building-automation protocol in the house. The researchers knew where the attack was coming from — Hilt was using a software-defined radio to jam the devices, flooding them with noise — but they didn’t realize how effective it would be. “That was […]

The post By hacking one of their own homes, researchers want to open a window on IoT security appeared first on CyberScoop.

Alphabet’s Chronicle banks on big data with new threat analysis platform

Chronicle, the cybersecurity firm stood up last year by Google parent company Alphabet, entered the threat analysis business Monday when it announced a cloud-based platform that compares reams of network data with malicious cyber activity. In doing so, Chronicle is betting that Google’s access to immense amounts of stored data will help security professionals make better sense of information in what is already a crowded threat-intelligence market. The tool, called Backstory, allows companies to upload their internal security data and then analyze it, offering a repository stretching back years. It constantly compares that historical corporate ledger with new threat data to inform companies of any “historical access” to malicious domains or files, according to Chronicle. Hackers can linger on organizations’ networks for months, if not longer, and Backstory aims to use Google’s search capabilities to find breaches that slipped through the cracks. “Backstory was designed for a world where companies generate massive amounts […]

The post Alphabet’s Chronicle banks on big data with new threat analysis platform appeared first on CyberScoop.

IBM interns find 19 vulnerabilities in corporate check-in systems

A pair of precocious interns at IBM’s red-teaming unit has found 19 previously undisclosed vulnerabilities in the automated systems that companies use to check visitors into their facilities. A hacker exploiting the security flaws could access visitor logs, contact information, and other company data, and use that access to go after corporate networks, the IBM X-Force Red researchers said. The study of five popular visitor-management systems is a warning of the risk of automating common societal tasks without security precautions. These systems are supplanting security guards as an efficient way of enabling access to a building, and apparent negligence in their architecture leaves them vulnerable. The interns, Hanna Robbins and Scott Brink, are students at the University of Tulsa and the Rochester Institute of Technology, respectively, according to their LinkedIn profiles. Robbins and Brink found default administrative login credentials that would give attackers complete control of a visitor-management application. They […]

The post IBM interns find 19 vulnerabilities in corporate check-in systems appeared first on CyberScoop.

A server likely used by Lazarus Group offers clues to a broader espionage campaign

An analysis of a command-and-control server suspected of being used by North Korean hackers shows it was the centerpiece of a previously discovered global espionage campaign that is broader and longer-running than initially understood, security researchers with McAfee announced Sunday. The campaign began as early as September 2017, a year earlier than previously documented, and is targeting financial services and government organizations, among others, researchers said. Most of the malicious activity is against organizations in Germany, Turkey, the U.S., and the United Kingdom, the researchers said. In December, McAfee published research on the espionage campaign, dubbed Operation Sharpshooter, saying it hit 87 organizations – including those in the nuclear, defense, and financial sectors – in October and November alone. After picking apart code and other data from the server, McAfee researchers say they’ve found “striking similarities” between last year’s attacks and several others attributed to Lazarus Group, a broad set of […]

The post A server likely used by Lazarus Group offers clues to a broader espionage campaign appeared first on CyberScoop.

NSA’s Joyce outlines how U.S. can disrupt and deter foreign hacking

The United States will do more to disrupt the malicious cyber-activity that foreign adversaries are aggressively using to advance their interests, a National Security Agency official said Thursday. “We have to impose costs in a visible way to start deterrence,” said Rob Joyce, senior cybersecurity adviser at NSA. “We have to go out and try to make those operations less successful and harder to do.” Speaking to an industry association in Hanover, Maryland, Joyce cited the 2017 WannaCry and NotPetya malware outbreaks — and Russia’s use of information operations in the 2016 U.S. election — as examples of nation-states moving from “exploitation to disruption” to impose their will in cyberspace. Washington has blamed North Korea and Russia, respectively, for the devastating WannaCry and NotPetya attacks, which cost billions of dollars in economic damage. Some foreign governments have fewer legal constraints on their activities in cyberspace than the U.S., Joyce told a local […]

The post NSA’s Joyce outlines how U.S. can disrupt and deter foreign hacking appeared first on CyberScoop.

How hackers are extorting Instagram users and throwing away the key

A hacking group has been phishing the owners of popular Instagram accounts, extorting the victims, and then keeping them from recovering the stolen accounts, according to new research that underscores how attackers are exploiting the value of social-media brands. “We’ve seen cases where owners of Instagram profiles with followers between 15,000 and 70,000 were hacked and were never retrieved,” researchers from cybersecurity company Trend Micro wrote in a Thursday blog post. “The victims ranged from famous actors and singers to owners of startup businesses like photoshoot equipment rentals.” As with many a breach, the attack starts with a phishing email. Trend Micro researchers got a hold of the hackers’ phishing kit to explore further. The lure purports to be a message from Instagram asking users to get a “verified badge” and encourages them to submit login credentials. Once the hackers have access to the Instagram profile and the email associated […]

The post How hackers are extorting Instagram users and throwing away the key appeared first on CyberScoop.

Hackers turn Bangladeshi embassy website into cryptomining scheme

The websites of foreign embassies are often where people go to download visa applications and other documents. They are also ripe openings for embedding malware, and criminal hackers have taken notice. In the case of the Bangladesh Embassy in Cairo, attackers appear to be using the website to mine cryptocurrency, according to research published Wednesday by SpiderLabs, the security team of Chicago-based company Trustwave. Almost the entire embassy website appears to be compromised, with nearly every attempt to access a URL ending in a request to save a malicious file, the researchers said. Only three of 69 antivirus engines detected the infected website as malicious. “This level of compromise usually indicates the attacker’s ability to not only upload their own data, but also change the web server’s configuration,” SpiderLabs’ Nikita Kazymirskyi wrote in a blog post. The hackers appear to have breached the website in October. In January, SpiderLabs noticed a Microsoft Word […]

The post Hackers turn Bangladeshi embassy website into cryptomining scheme appeared first on CyberScoop.

Inside a Chinese APT’s very flexible playbook

A maxim of cybersecurity holds that hackers will exert just enough resources to compromise a network or avoid detection. Why deploy new, top-shelf tools when you can just refashion old ones? That strategy was on full display in research on a Chinese government-linked hacking group that Dell Technologies’ SecureWorks published Wednesday. The hackers — categorized as an advanced persistent threat by researchers and usually labeled APT27 or Bronze Union — dusted off and upgraded a couple of long-available digital weapons to carry out intrusions in 2018, the report said. “The threat actors have access to a wide range of tools, so they can operate flexibly and select tools appropriate for intrusion challenges,” the research says. One remote access trojan (RAT) was developed over a decade ago, but Bronze Union added a packet redirection tool and digital certificates signed by two Chinese technology companies before deploying it last year, according to the research. The […]

The post Inside a Chinese APT’s very flexible playbook appeared first on CyberScoop.

Ukraine’s president accuses Russia of launching cyberattack against election commission

Weeks before Ukraine’s presidential election, the country’s president has accused the Russian government of conducting distributed denial-of-service attacks on Ukraine’s election commission, according to local media reports. The DDoS attacks took place Sunday and Monday on the Central Election Commission, Ukrainian President Petro Poroshenko said Tuesday in Kiev, the Interfax-Ukraine News Agency reported. Ukrainian national security and law enforcement authorities “developed protection mechanisms” against the attacks in coordination with “our American partners,” Poroshenko is quoted as saying. Few specific details about the attack were available. The Russian Embassy in Washington could not immediately be reached for comment. Ukrainians are scheduled to vote on March 31 in what is expected to be a boisterous presidential election. Ukraine’s infrastructure has repeatedly been targeted by suspected Russian hackers in recent years, and outside analysts and Ukrainian officials have warned that Moscow could try to intervene in the election. “The available information indicates that Russia intends to use […]

The post Ukraine’s president accuses Russia of launching cyberattack against election commission appeared first on CyberScoop.

North Korean hackers go on phishing expedition before Trump-Kim summit

As President Donald Trump and North Korea’s Kim Jong Un prepare to meet again, cybersecurity researchers say Pyongyang-linked hackers are targeting Korean speakers with spearphishing emails tied to the diplomatic summit. The suspected North Korean hackers sent out a lure document last week purporting to be from a non-government organization, according to South Korean company ESTsecurity. The invitation from the “Korea-U.S. Friendship Society” invites recipients to a meeting in the South Korean capital of Seoul to analyze the results of the Trump-Kim summit, which begins Wednesday. Trump and Kim will discuss North Korea’s nuclear program, which, along with hacking tools, is a key pillar of the regime’s foreign policy. The spearphishing document was formatted in a South Korean word-processing application and came with malicious code associated with North Korean operatives, said ESTsecurity, a company that multiple independent researchers say does good analytical work. Cybersecurity company CrowdStrike has seen that same […]

The post North Korean hackers go on phishing expedition before Trump-Kim summit appeared first on CyberScoop.